Hi Jean-Baptiste,

As you suggested, I have tried the 2 methods, which you can find in the 
conversation trail below, with details of the XML and commands I have used.
Can you tell me if I am doing anything wrong? Any hint, workaround or 
suggestion would be much appreciated.

Regards,
Chitranshu

-----Original Message-----
From: Chitranshu Changdar 
Sent: 15 January 2025 08:59
To: dev@activemq.apache.org
Subject: Re: Question Regarding SNI configuration in jetty.xml for AMQ Classic

Hi Matt,

I am creating the broker.ks using the following commands. If anything is 
missing let me know. Will try it out.

> keytool -genkey -alias broker -keyalg RSA -keystore broker.ks -storepass 
> password -keypass password -dname "CN=localhost, OU=<UNIT>, O=<ORG>, 
> L=<Province>, ST=<STATE>, C=<Country> " -ext "SAN=dns:localhost,ip:0.0.0.0"

Also, the 2nd thing is that I am trying to bypass the SNI check; I don't want 
the certificate to bind to a specific IP/address. That's why I am trying to 
provide this option to Jetty.

Thanks,
Chitranshu

-----Original Message-----
From: Matt Pavlovich <mattr...@gmail.com> 
Sent: 13 January 2025 23:12
To: dev@activemq.apache.org
Subject: [EXTERNAL] - Re: Question Regarding SNI configuration in jetty.xml for 
AMQ Classic

IIRC-- the problem could be your SSL certificate does not have the SNI fields 
defined. New SSL standards require more SSL fields in the generated certificate.

> On Jan 12, 2025, at 9:57 PM, Chitranshu Changdar 
> <cchang...@opentext.com.INVALID> wrote:
>
> Hi,
>
> Need some help with AMQ Classic configurations for HTTPS connection using the 
> ssl certificate.
> At first, I was facing an issue with the jetty.xml configuration for the SSL 
> connection, but that was resolved with the help of AMQ-9405.
> For this to work with https we must generate brokers.ks with specific 
> hostname and if we create a generic broker.ks with localhost or 0.0.0.0, then 
> it returns "HTTP ERROR 400 Invalid SNI".
> Till 5.17.x or 5.18.x this was working with localhost value.
>
> From the other sources and Jetty documentation we could see this can be 
> disabled with the help of "jetty.sslContext.sniRequired".
> So, my question is, is there any way to add this configuration in jetty.xml 
> or somewhere else?
>
> If anyone can provide any resolution, that would be a great help.
>
> AMQ Classic Version : 6.1.4
> Platform : RHEL-9.3
>
> Thanks
>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@activemq.apache.org
For additional commands, e-mail: dev-h...@activemq.apache.org For further 
information, visit: 
https://urldefense.com/v3/__https://activemq.apache.org/contact__;!!Obbck6kTJA!dlW9FY_xbGE7lTpl1xSeSbqVVE8gxt4VQlywvQ4MJMVqsjYFE4xfy-aBQcrZUoaUYV_0Tvl-jCkAi3JiP0o$


